Pluralistic: A "secure" system can be the most dangerous of all (13 July 2023)

Today's links

A down-the-barrel view of a massive, battleship-gray artillery piece protruding from the brick battlement of a fortress. From the black depths of the barrel shines a red neon 'EBT' sign.

A "secure" system can be the most dangerous of all (permalink)

Two decades ago, my life changed forever: hearing Bruce Schneier explain that "security" doesn't exist in the abstract. You can only be secure from some threat. A fire alarm won't protect you from burglaries. A condom won't protect you from mass shootings. It seems obvious, but how often do we hear about "security" without any mention of who is being made secure, and from which threat?

Take the US welfare system. It is very "secure" in that it is hedged in by a thicket of red-tape, audits, inspections and onerous procedures. To get food stamps, housing vouchers, or cash aid, you must navigate a Soviet-grade bureaucratic system of Kafkaesque proportions. Indeed, one of the great ironies of the post-Cold War world is that the USA has become a "Utopia Of Rules" (as David Graeber put it), subjecting everyday people to the state-run bureacracies that the USAUSAUSA set endlessly ridiculed the USSR for:

(The right says it wants to "shrink the US government until fits in a bathtub – and then drown it" – but not the whole government. They want unlimited government bloat for that part of the state that is dedicated to tormenting benefits claimants, especially if its functions are managed by a Beltway Bandit profiteer who bills Uncle Sucker up the wazoo for rubber-stamping "DENIED" on every claim.)

The US benefits system has a sophisticated, expensive, fully staffed anti-fraud system – but it's a highly selective form of anti-fraud. The system is oriented solely to prevent fraud against itself, with no thought to protecting benefits recipients themselves from fraud.

And those recipients – by definition the poorest and most vulnerable among us – are easy pickings for continuous, ghastly, eye-watering acts of fraud. These benefits are distributed via prepaid debit cards – EBT Cards – that lack the basic security measures that every other kind of card has had for years. These are simple magstripe cards, lacking basic chip-and-pin defenses, to say nothing of contactless countermeasures.

That means that fraudsters can – and do – install skimmers in the point-of-sale terminals used by benefits recipients to withdraw their cash benefits, pay for food using SNAP (AKA Food Stamps), and receive other benefits.

It's impossible to overstate how widespread these skimmers are, and how much money criminals make by stealing from poor people. Writing for Businessweek, Jessica Fu describes the mad scramble benefits recipients go through every month, standing by ATMs at midnight on the night of the first of every month in hopes of withdrawing the cash they use to pay for their rent and utility bills before it is stolen by a crook who captured their card number with a skimmer:

One of Fu's sources, Lexisnexis Risk Solutions's Haywood Talcove, describes these EBT cards as having the security of a "glorified hotel room key." He recounts how US police departments saw a massive explosion in EBT skimming: from 300 complaints in January 2022 to 18,000 in January 2023.

The skimmer rings are extremely well organized. The people who install the skimmers – working in pairs, with one person to distract the cashier while the other quickly installs the skimmer – don't know who they work for. Neither do the people who use cards cloned from skimmer data to cash out benefits recipients' accounts. When they are arrested, they refuse to turn on their immediate recruiters, fearing reprisals against their families.

These low-level crooks stroll up to ATMs and feed a succession of cloned cards into them, emptying account after account. Or they swipe cards at grocery checkouts, buying cases of Red Bull and other easily sold grocery products with some victim's entire SNAP balance.

Some police agencies are pursuing these criminal gangs and trying figure out who's running them, but the authorities who issue SNAP cards are doing little to nothing to stop the pipeline at their end. Simply upgrading SNAP terminals to chip-and-pin would exponentially raise the cost and complexity that thieves incur.

Indeed, that's why every other kind of payment card uses these systems. How is it that these systems were upgraded, while SNAP cards remain in mired in 20th century "glorified hotel room key" territory? Well, as our friends on the right never cease to remind us: "incentives matter."

When your credit card gets cloned, it's your banks and credit card company that pay for the losses, not you. So the banks demanded (and funded) the upgrade to new anti-fraud measures. By contrast, most states have no system for refunding stolen benefits to skimmers' victims.

In other words, all of the anti-fraud in the benefits system is devoted to catching benefits cheating – a phenomenon that is so rare as to be almost nonexistent (1.54%), notwithstanding right wingers' fevered, Reagan-era folktales about "welfare queens":

Meanwhile, the most widespread and costly form of fraud in the benefits system – fraud perpetrated against benefits recipients – is blithely ignored.

Really, it's worse than that. In deciding to protect the welfare system rather than welfare recipients, we've made it vastly harder for benefits claimants who've been victimized by fraudsters to remain fed and sheltered. After all, if we made it simple and straightforward for benefits recipients to reclaim money that was stolen from them, we'd make it that much easier to defraud the system.

"Security" is always and forever a matter of securing some specific thing, against some specific risk. In other words, security reflects values – it reveals whose risk matters, and whose doesn't. For the American benefits system, risks to the system matter. Risks to people don't.

It's not just the welfare system that prioritizes its own risks against the people it exists to serve. Think of the systems used to fight drug abuse in clinical settings.

Medical facilities that use or dispense powerful pain-killers have exquisitely tuned, sophisticated, frequently audited security systems to prevent patients from tricking their doctors or pharmacists into administering extra drugs (especially opioids). "Extra" in this case means "more drugs than are strictly necessary to manage pain."

The rationale for this is only incidentally medical. Someone who gets a little too much painkiller during a medical procedure or an acute pain episode is not at any particular risk of enduring harm – the risks are minor and easily managed (say, by keeping a patient in bed a little longer while they recover from sedation).

The real agenda here is preventing addiction and abuse by addicted people. There's a genuine problem with opioid abuse, and that problem does have its origins in overprescription. But – crucially – that overprescription wasn't the result of wimpy patients insisting on endless painkillers until they enslaved themselves to their pills.

Rather, the opioid epidemic has its origins in the billionaire Sackler crime family, whose Purdue Pharma used scientific fraud, cash incentives, and other deceptive practices to trick, coerce, or bribe doctors into systematically overprescribing their Oxycontin cash cow, even as they laundered their reputation with showy charitable donations:

The Sacklers got to keep their billions – and people undergoing painful medical procedures or living with chronic pain are left holding the bag, subject to tight pain-med controls that forces them to prove – through increasingly stringent systems – that they truly deserve their medicine.

In other words, the beneficiary of the opioid control system is the system itself – not the patients who need opioids.

There's an extremely disturbing – even nightmarish – example of this in the news: the Yale Fertility Clinic, where hundreds of women endured unimaginably painful egg harvesting procedures with no anaesthesia at all.

These women had complained for years about the pain they suffered, and many had ended up needing emergency care after the fact because of traumatic injuries caused by undergoing the procedure without pain control. But the doctors and nurses at the Yale clinic ignored their screams of pain and their post-operative complaints.

It turned out that an opioid-addicted nurse had been swapping the fentanyl in the drug cabinet for saline, and taking the fentanyl home for her own use.

This made national headlines at the time, and it is the subject of "The Retrievals," a new New York Times documentary series podcast:

If the pain medication management system was designed to manage pain, then these thefts would have been discovered early on. If the system was designed so that anyone who experienced pain was treated until the pain was under control, the deception would have been uncovered almost immediately.

As Stafford Beer said, "the purpose of any system is what it does." The pain medication management system was designed to manage pain medication, not pain itself.

The system was designed to be secure from opioid-seeking addicted patients. It was not designed to make patients secure from pain. Its values – our values, as a society – were revealed through its workings.

(Image: Bjarne Henning Kvaale, CC BY-SA 3.0, modified)

Hey look at this (permalink)

A Wayback Machine banner.

This day in history (permalink)

#10yrsago Lunch with the Financial Times

Colophon (permalink)

Today's top sources:

Currently writing:

  • A Little Brother short story about DIY insulin PLANNING

  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FIRST DRAFT COMPLETE, WAITING FOR EDITORIAL REVIEW

  • The Bezzle, a Martin Hench noir thriller novel about the prison-tech industry. FIRST DRAFT COMPLETE, WAITING FOR EDITORIAL REVIEW

  • Vigilant, Little Brother short story about remote invigilation. ON SUBMISSION

  • Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION

  • Spill, a Little Brother short story about pipeline protests. ON SUBMISSION

Latest podcast: Ideas Lying Around

Upcoming appearances:

Recent appearances:

Latest books:

Upcoming books:

  • The Internet Con: A nonfiction book about interoperability and Big Tech, Verso, September 2023

  • The Lost Cause: a post-Green New Deal eco-topian novel about truth and reconciliation with white nationalist militias, Tor Books, November 2023

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

(Latest Medium column: "Let the Platforms Burn: The Opposite of Good Fires is Wildfires"

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla